- You’ve read 12 steps to take now from the ICO in preparation for the GDPR. ✔
- You’ve read our Start Preparing For GDPR Today blog. ✔
- You’re aware that the law is changing, and GDPR will apply from May 25th 2018. ✔
- You acknowledge it will have an impact on how you manage the information you have on customers, marketing recipients, suppliers and employees. ✔
It sounds like you’re on the right track when it comes to GDPR. Now, it’s time to move on to step 2 – documenting the information you hold, where it came from and who it’s shared with. Hang on a second. This audit is much bigger than you first thought.
Do you have customer data sitting in different websites, billing systems, customer relationship management and email management systems?
Does your business hold sensitive information, such as health information, on paper in files (e.g. think children’s nurseries, nursing homes for the elderly)?
An audit of all the information you have in your business is required, but you don’t have the time or skills to organise it yourself. You’re on step 2 out of 12 and you’re facing up to the fact that you need help from a GDPR expert to get it all done.
If the above scenario sounds familiar, you are not alone. Although many of the principles in GDPR are similar to the current Data Protection Act (DPA), there are now extra requirements. GDPR puts an emphasis on accountability, and that means documenting the data you have, how you share it and how you protect an individual’s privacy.
Who can help with GDPR?
If you are seeking a qualified expert to help prioritise data and complete the vital steps towards compliance with GDPR, read our three tips on choosing your GDPR consultant.
1. Do they have a legal or data protection background?
A person with a legal background or first-hand experience of data protection legislation, including the current Data Protection Act 1998, is a must.
2. Are they providing software or GDPR expertise?
An understanding of data protection has to come first. It is possible for some organisations to achieve compliance working with existing systems. You want someone to interpret how the legislation applies to the complexities of your business and who can then provide a clear road map to compliance.
3. Do they have GDPR crisis management experience?
Can this person advise and represent your business should you suffer a data breach? A consultant who has worked with you to achieve compliance will have the information and knowledge to help you manage any scenario being investigated by the Information Commissioner’s Office.
Useful GDPR links for business:
- Preparing for the General Data Protection Regulation (GDPR) from the Information Commissioner’s Office (ICO)
- The ICO’s Guide to the General Data Protection Regulation (GDPR)
- Federation of Small Businesses video on GDPR by Elizabeth Denham
- Small organisations advice section on the ICO website